Hi
I think I have fixed this bug. The 'virtual_size_add_new' function in
src/lib-storage/index/index-status.c creates a 'search_args' object and
forgets to free it at the end. The function does call the
'mailbox_search_deinit' function but 'mailbox_search_deinit' only frees
the 'search_ctx' object and reduce the refcount of 'search_args' by one
but that doesn't cause 'search_args' to be freed because its refcount
was 2. So an extra 'mail_search_args_unref' must be called.
Timo, it would be nice if you could write a small comment if the
attached patch is the right approach to address this issue.
Dafan
On 09/05/2012 10:53 AM, Dafan Zhai wrote:
Hi everyone,
I am writing a dovecot statistic plugin, which calls the
'mailbox_get_metadata' function with MAILBOX_METADATA_VIRTUAL_SIZE as
the 2nd parameter.
enum mailbox_status_items metadata_items = MAILBOX_METADATA_VIRTUAL_SIZE;
struct mailbox_metadata metadata;
mailbox_get_metadata(mailbox, metadata_items, &metadata);
but Valgrind finds a memory leak when this function is called:
---------------------------------------------------snip--------------------------------------------------------------
==10304== 12,288 bytes in 3 blocks are definitely lost in loss record 74
of 76
==10304== at 0x40222A4: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10304== by 0x416EE9F: block_alloc (mempool-alloconly.c:237)
==10304== by 0x416F16C: pool_alloconly_create (mempool-alloconly.c:140)
==10304== by 0x409C07D: mail_search_build_init (mail-search-build.c:187)
==10304== by 0x40C77F1: index_mailbox_get_metadata (index-status.c:200)
==10304== by 0x4067102: maildir_mailbox_get_metadata
(maildir-storage.c:486)
==10304== by 0x409F78B: mailbox_get_metadata (mail-storage.c:1298)
==10304== by 0x490492D: mailbox_status_update (statistic-plugin.c:310)
==10304== by 0x4904E2E: statistic_mail_save (statistic-plugin.c:426)
==10304== by 0x41A054D: notify_contexts_mail_save (notify-plugin.c:61)
==10304== by 0x41A104F: notify_save_finish (notify-storage.c:143)
==10304== by 0x409EE94: mailbox_save_finish (mail-storage.c:1673)
---------------------------------------------------snip--------------------------------------------------------------
I have looked into the source code, and found that from the
'mail_search_build_init' function call in
lib-storage/index/index-status.c:200 a pool is created, but the pool is
not freed in the mailbox_search_deinit function call in
lib-storage/index/index-status.c:218.
This may be the reason of the memory leak. But I do not know how to free
the pool.
It seems to me that doveadm is having the same memory leak because it is
using 'mail_search_build_init' too.
---------------------------------------------------snip--------------------------------------------------------------
# valgrind --leak-check=full doveadm mailbox status -u testuser1 vsize
INBOX
==10457== Memcheck, a memory error detector
==10457== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==10457== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==10457== Command: doveadm mailbox status -u testuser1 vsize INBOX
==10457==
INBOX vsize=41643319
==10457==
==10457== HEAP SUMMARY:
==10457== in use at exit: 4,356 bytes in 3 blocks
==10457== total heap usage: 440 allocs, 437 frees, 539,124 bytes allocated
==10457==
==10457== 4,096 bytes in 1 blocks are definitely lost in loss record 3 of 3
==10457== at 0x40222A4: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10457== by 0x41AEE9F: ??? (in /usr/lib/dovecot/libdovecot.so.0.0.0)
==10457== by 0x41AF16C: pool_alloconly_create (in
/usr/lib/dovecot/libdovecot.so.0.0.0)
==10457== by 0x40DC07D: mail_search_build_init (in
/usr/lib/dovecot/libdovecot-storage.so.0.0.0)
==10457== by 0x8057EB8: doveadm_mail_mailbox_search_args_build (in
/usr/bin/doveadm)
==10457== by 0x805855A: ??? (in /usr/bin/doveadm)
==10457== by 0x8053A7B: doveadm_mail_single_user (in /usr/bin/doveadm)
==10457== by 0x8053D2B: ??? (in /usr/bin/doveadm)
==10457== by 0x80541CF: doveadm_mail_try_run (in /usr/bin/doveadm)
==10457== by 0x805B863: main (in /usr/bin/doveadm)
==10457==
==10457== LEAK SUMMARY:
==10457== definitely lost: 4,096 bytes in 1 blocks
==10457== indirectly lost: 0 bytes in 0 blocks
==10457== possibly lost: 0 bytes in 0 blocks
==10457== still reachable: 260 bytes in 2 blocks
==10457== suppressed: 0 bytes in 0 blocks
==10457== Reachable blocks (those to which a pointer was found) are not
shown.
==10457== To see them, rerun with: --leak-check=full --show-reachable=yes
==10457==
==10457== For counts of detected and suppressed errors, rerun with: -v
==10457== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 122 from 35)
---------------------------------------------------snip--------------------------------------------------------------
Dovecot version: 2.1.9
OS: Linux 3.0.30-dist i686
maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir/INBOX
I have applied the following patches from the dovecot 2.1 branch fixing
memory leaks:
http://hg.dovecot.org/dovecot-2.1/rev/7bdbca7b0913
http://hg.dovecot.org/dovecot-2.1/rev/963482677c0b
It would be nice if you could give me some hints how I can address this
issue?
Thanks in advance!
Greetings,
Dafan
--
Follow us on Facebook:
<http://www.facebook.com/pages/Securepoint-GmbH/132451210137395>
Follow us on Twitter:
<http://twitter.com/SecurepointStat>
---------------------------------------------------------------------
Securepoint GmbH | Entwicklung
Dafan Zhai
Salzstr. 1
D-21335 Lueneburg
http://www.securepoint.de
Tele: ++49 4131 2401-0 Fax: ++49 4131 2401-50
Lueneburg HRB 1776
---------------------------------------------------------------------
CONFIDENTIALITY :
This e-mail and any attachments are confidential and may be privileged.
If you are not a named recipient, please notify the sender immediately
and do not disclose the contents to another person, use it for any
purpose or store or copy the information in any medium.
GEHEIMHALTUNGSPFLICHT :
Dieses E-Mail und alle damit verbundenen Anlagen sind vertraulich
und dürfen nur bestimmten Personen zugänglich gemacht werden.
Sofern Sie nicht zu den angegebenen Empfängern gehören, benachrichtigen
Sie bitte unverzüglich den Absender. Der Inhalt darf weder an Dritte
weitergegeben noch zu anderen Zwecken verwendet werden. Die
Informationen dürfen auch nicht auf einem Datenträger gespeichert
oder auf einen Datenträger kopiert werden.
>From 4259e7ef32a4108b803f02adcc5bf8e7a8e407cc Mon Sep 17 00:00:00 2001
From: Dafan Zhai <dafan.z...@securepoint.de>
Date: Thu, 6 Sep 2012 18:05:35 +0200
Subject: [PATCH] lib-storage: Fixed memory leak in function
virtual_size_add_new.
Function virtual_size_add_new forgets to free the 'search_args'
object after it searches the mails.
---
src/lib-storage/index/index-status.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib-storage/index/index-status.c b/src/lib-storage/index/index-status.c
index 263cb38..f834379 100644
--- a/src/lib-storage/index/index-status.c
+++ b/src/lib-storage/index/index-status.c
@@ -217,6 +217,7 @@ virtual_size_add_new(struct mailbox *box,
}
if (mailbox_search_deinit(&search_ctx) < 0)
ret = -1;
+ mail_search_args_unref(&search_args);
if (ret == 0) {
/* success, cache all */
--
1.7.5.4
